Attorney Docket No. 03033 



What is claimed is: 

1. A method of operating an access device comprising: 

receiving a packet at an access device deployed in a first network; 

automatically identifying a switch server in a second network, where the switch 
server is associated with an identifier obtained from the packet; 

forwarding the packet to the switch server in the second network so that the switch 
server can release the packet in the second network without releasing the packet in the 
first network. 

2. The method of claim 1 wherein the packet is a layer two frame. 

3. The method of claim 2 wherein the packet is received from a user device with layer 
two connectivity with the access device. 

4. The method of claim 3 where the first network is a remote network and the second 
network is a home network for a user of the user device. 

5. The method of claim 3 wherein the identifier comprises a media access control 
address associated with the user device. 

6. The method of claim 3 wherein the identifier comprises a media access control 
address associated with the user device and a cryptographic key identifier. 

7. The method of claim 3 wherein the identifier comprises a network layer address. 

8. The method of claim 1 wherein the packet is forwarded using a communication 
channel established across a public data network between the access device in the first 
network and the switch server in the second network. 

9. The method of claim 8 where communication channels are established between the 
access device in the first network and a plurality of switch servers in different networks 
dynamically based on which users have established connectivity with the access device. 

10. The method of claim 8 where communication channels are dynamically established 
between access devices and switch servers which have no prior knowledge of each other. 

11. The method of claim 4 in which the user device connects in a same manner as it 
connects to the home network. 

12. The method of claim 4 where the remote network does not need to allocate an IP 
address for the user device. 

13. The method of claim 4 where the remote network is not involved in performing user 
authentication and access control. 

14. The method of claim 1 wherein the switch server is identified by performing a 
lookup request using the identifier obtained from the packet. 

15. A system for remote access to a home network from a remote network, comprising: 

one or more switch servers, each switch server deployed in a home network 
associated with one or more users; and 

an access device for deployment in a remote network and providing connectivity for 
user devices, such that packets arriving at the access device from a user are forwarded to 
the switch server in the home network associated with the user and released into the 
home network without releasing the packets into the remote network. 

16. The system of claim 15 wherein the packets are layer two frames. 

17. The system of claim 16 wherein the access device establishes communication 
channels to switch servers dynamically based on which users have established 
connectivity with the access device. 

18. The system of claim 15 wherein the access device selects which switch server to 
forward a packet based on an identifier obtained from the packet, where the identifier is 
associated with one of the switch servers. 

19. The system of claim 15 wherein multiple user devices having connectivity to the 
access device may be connected to different home networks and where the user devices 
connect in a same manner as they connect to their respective home networks. 

20. An access device comprising: 

a network interface for establishing connectivity with one or more user devices; 

a packet analysis module capable of obtaining an identifier from a packet received 
from the network interface and identifying a switch server in a second network associated 
with the identifier; 

means for dynamically establishing a communication channel with one or more 
switch servers so that a packet associated with a switch server can be forwarded to the 
switch server and released in the second network without releasing the packet in a local 
network. 

21. The access device of claim 20 where the packets are layer two frames. 

22. The access device of claim 20 in which the user device connects in a same manner 
as it connects to the second network. 

23. The access device of claim 20 where the network interface provides wired 
connectivity with the user devices. 

24. The access device of claim 20 where the network interface provides wireless 
connectivity with the user devices. 

25. The access device of claim 20 where traffic from the user devices is not bridged 
with any nodes in the local network. 

26. A switch server comprising: 

a network interface for connecting to a home network of a user; and 

an access module capable of maintaining communication channels with one or more 
access devices and receiving packets from the access device on behalf of a user device 
and releasing the packets using the network interface into the home network of the user. 

27. The switch server of claim 26 where the packets are layer two frames. 

28. The switch server of claim 26 wherein the switch server is responsible for local 
access policy enforcement. 

29. The switch server of claim 26 further comprising a decryption module for 
decrypting packets from the access device. 

30. The switch server of claim 26 further comprising a lookup module that responds to 
lookup requests from access devices. 

31. A device-readable medium comprising program instructions for causing an access 
device deployed in a first network to perform the steps of: 

receiving a packet; 

identifying a switch server in a second network, where the switch server is 
associated with an identifier obtained from the packet; 

forwarding the packet to the switch server in the second network so that the switch 
server can release the packet in the second network without releasing the packet in the 
first network. 

32. The device-readable medium of claim 31 wherein the packet is a layer two frame. 

33. The device-readable medium of claim 31 wherein the packet is received from a user 
device with layer two connectivity with the access device. 

34. The device-readable medium of claim 33 where the first network is a remote 
network and the second network is a home network for a user of the user device. 

35. The device-readable medium of claim 33 wherein the identifier comprises a media 
access control address associated with the user device. 

36. The device-readable medium of claim 33 wherein the identifier comprises a 
cryptographic key. 

37. The device-readable medium of claim 33 wherein the identifier comprises a 
network layer address. 

38. The device-readable medium of claim 31 wherein the packet is forwarded using a 
communication channel established across a public data network between the access 
device in the first network and the switch server in the second network. 

39. The device-readable medium of claim 38 where communication channels are 
established between the access device in the first network and a plurality of switch 
servers in different networks dynamically based on which users have established 
connectivity with the access device. 

40. The device-readable medium of claim 31 wherein the switch server is identified by 
performing a lookup request using the identifier obtained from the packet. 